Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

Tuesday, December 22, 2015

• J.P. Morgan Securities LLC and JPMorgan Chase Bank N.A. agreed to pay $267 million December 18 to settle charges that they failed to disclose numerous conflicts of interest to investors. – U.S. Securities and Exchange Commission See item 5 below in the Financial Services Sector

• The owners and employees of G&G Translation Services in California were charged December 17 for allegedly billing $24.6 million worth of fraudulent workers’ compensation claims. – KABC 7 Los Angeles See item 6 below in the Financial Services Sector

• The U.S. Congress passed the Cybersecurity Act December 18 which aims to fight cyber threats and effectively identify and prevent cyber-attacks. – Agence France-Presse See item 22 below in the Information Technology Sector

• Police reported that 1 person was killed and more than 30 others were injured December 20 after a woman drove onto the sidewalk in front of two resorts on the Las Vegas Strip and struck pedestrians. – Associated Press

24. December 21, Associated Press – (Nevada) 1 dead, at least 30 injured in Las Vegas Strip hit-and-run crash, police say. Las Vegas police reported that 1 person was killed and more than 30 others were injured December 20 after a woman drove onto the sidewalk in front of the Paris Hotel & Casino and Planet Hollywood Las Vegas Resort & Casino and struck pedestrians. The driver was arrested and police reported the incident was not an act of terrorism. Source: http://www.abc15.com/news/national/several-people-struck-by-car-on-las-vegas-strip-police-say

4. December 18, U.S. Securities and Exchange Commission – (National) Convicted fraudster using aliases charged again for defrauding investors. The U.S. Securities and Exchange Commission (SEC) and the U.S. Attorney’s Office for the Southern District of New York issued parallel charges against a man December 18 for stock and investment fraud after he allegedly defrauded at least 50 inexperienced investors by disguising himself under three aliases to sell at least $11 million in VGTel stock. The suspect also falsely informed investors that the funds were used for company operations, but used the funds for personal use. Source: http://www.sec.gov/news/pressrelease/2015-285.html

5. December 18, U.S. Securities and Exchange Commission – (National) J.P. Morgan to pay $267 million for disclosure failures. The U.S. Securities and Exchange Commission announced December 18 that J.P. Morgan Securities LLC and JPMorgan Chase Bank N.A. agreed to pay $267 million to settle charges that they failed to disclose numerous conflicts of interest involving a preference for their clients to invest in the firm-managed mutual funds and hedge funds, which kept clients from making fully informed investment decisions. Source: http://www.sec.gov/news/pressrelease/2015-283.html

21. December 21, SecurityWeek – (International) High severity flaw found in Schneider PLC products. Schneider Electric will release a second round of firmware updates for its Modicon M340 programmable logic controller (PLC) product line following the discovery of a buffer overflow vulnerability that can be used to remotely execute arbitrary code in the device’s memory and cause the affected devices to crash when an attacker inputs a 90-100 character password. The devices are used in sectors such as Energy, Defense Industrial Base, Nuclear, Transportation, Government Facilities, and Water and Wastewater. Source: http://www.securityweek.com/high-severity-flaw-found-schneider-plc-products

22. December 18, Agence France-Presse – (National) Congress passes long-stalled Cybersecurity Bill. The U.S. Congress passed the Cybersecurity Act December 18 which aims to fight cyber threats and effectively identify and prevent cyber-attacks, after the legislation was embedded into the “omnibus” funding bill that funds the Federal government through September 2016. The legislation would establish DHS as a “portal” for cyber threat information and help authorize defensive actions to counter a cybersecurity threat. Source: http://www.securityweek.com/congress-passes-long-stalled-cybersecurity-bill

23. December 18, SecurityWeek – (International) Several vulnerabilities found in eWON industrial routers. eWON, a company that specializes in virtual private network (VPN) routers and remote connectivity solutions, released firmware version 10.1s0 for its industrial routers after an independent researcher discovered several vulnerabilities in the firmware including a user rights management issue that can be exploited by an authenticated hacker using a forged Uniform Resource Locator (URL); a password visibility vulnerability that allows a man-in-the-middle (MitM) attacker to intercept information; a cross-site request forgery (CSRF) vulnerability that can be exploited to perform actions on a victim’s behalf; and a cross-site scripting (XSS) vulnerability found in the web application’s configuration fields, among other flaws. Source: http://www.securityweek.com/several-vulnerabilities-found-ewon-industrial-routers

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"